Microsoft no longer supports MFA server for new deployments, but recommends using the NPS Extension for MFA configuration.
Hybrid Modern Authentication works for Outlook clients, but does not appear to provide MFA enforcement for OWA. In our scenario, we have Azure AD Connect deployed with pass-through authentication (No ADFS). Is there a way to enforce MFA on OWA for end users either using the NPS extension or another AD cloud service? We have Exchange 2016 Server with CU 15 deployed.